Data Privacy & Security Digital Digest_Fall 2019

Data Privacy & Security Service DPS Digital Digest- The Privacy Issue

IN THIS ISSUE: Voice assistants in the classroom, data deletion, cybersecurity trends, and helpful (free) cybersecurity resources

Do Voice Assistants Belong in the Classroom?

Devices such as the Amazon Echo or Alexa and Google Home are designed for consumer use and therefore may pose security issues when used in schools. Voice assistants do not have service agreements or privacy policies and are not COPPA compliant, which raises legal implications for the K-12 education market. Federal and state guidance is vague on this subject.

Despite these warnings, if educators are using voice assistants they should:

• Check district policies on classroom use of voice assistants
• Know state and federal student privacy laws
• Get parent permission
• Manage device privacy settings

For more information and helpful tips check out:

• The Voice Assistant Device in Your Classroom
• ‘Alexa, Do You Belong in the Classroom?’
• Safety and privacy do’s and don’ts with voice-activated technology

Amazon CEO Jeff Bezos confirmed in May, as a response to Senator Chris Coons (D-Delaware), that Amazon, as well as third parties that deploy skills on the Alexa platform, retain customers’ voice recordings and transcripts until the customer chooses to delete them. The company may keep records of customer interactions for as long as they want.

“Amazon Confirms It Keeps Your Alexa Recordings Basically Forever”

Click this link for more details.

Comptroller’s Corner

The Office of the Comptroller conducted six Information Technology audits since June 2019. The results demonstrate a clear need for districts to address sensitive IT controls and to provide cybersecurity training for staff. Out of the five districts audited:

• One district did not manage PPSI data properly.
• Two districts did not disable, remove or update unnecessary user accounts.
• Employees were using computers for personal use and visiting personal sites in three districts. This could be a violation of the district Acceptable Use Policy.
• Five out of six districts did not provide cybersecurity awareness training to employees.
• All six districts were advised confidentially on sensitive information technology (IT) control weaknesses.

Money, Data, Security: The Biggest Challenges Facing K-12 Tech Leaders

CoSN’s 2019 K-12 IT Leadership Survey identifies many challenges that school districts must address. EdWeek interviewed five district IT leaders to learn how they are responding to these challenges:

• Beefing up cybersecurity and running a secure network.
• Budgeting on a shoestring – budgeting constraints are a major barrier but shouldn’t compromise security.
• Leveraging data to drive instruction – more focus on the how and why of using classroom devices and instructional software.
• Breaking down information silos – information flow should be seamless and digital content interoperable.
• Improving training and professional development – PD should always be ongoing and tied to impacting student learning, not looking cool. A higher level of consistency in how technology is viewed and implemented makes everyone more comfortable and on board.

Schools Collect Tons of Student Information. Deleting It All Is a Major Challenge

Schools have historically erred on the side of retaining most data they collect, which raises considerable risk. An effective policy on retention and deletion should be a top priority. FERPA and COPPA require third-party operators contracting with schools to destroy personally identifiable information when it is no longer needed, but state laws vary tremendously.

The Center for Democracy & Technology suggests three steps for states and districts to follow:

• Create comprehensive inventories
• Develop clear policies
• Learn and employ technical best practices

To learn more:

• Deletion and Student Privacy: I Forgot to Remember to Forget
• June 30th: National Student Data Deletion Day For K-12 Public Schools
• NYSED Student Records Retention and Disposition Schedule ED-1

Cybersecurity Trends

Due to the rapid nature of change in the field of cybersecurity, new themes and trends are constantly emerging. Here are some of the talking points being discussed:

• Fragmenting data privacy regulations
• Better transparency and openness
• The vulnerability of IoT
• Integrated security systems and platforms

For details on each of these points see: Cyber security trends - what’s on the horizon?

“Push Technology Used in Mobile Attacks”

News sites and other legitimate websites use web push technology to send out event notifications. Unfortunately, phishing attempts are being deployed in the same way with an Android trojan called Android.FakeApp.174. This malware pretends to be the official app and then opens a series of websites in Chrome that ask the user to allow notifications. If allowed, dubious content is launched to steal funds or information.

Click here to learn more about this malware delivery trend.

Hackers Target Local Government & Schools

Hackers are targeting local government agencies and school districts in a series of ransomware attacks across the nation, including in our home state of New York. Attacks on school districts in Louisiana have been so frequent the state issued a state-of-emergency declaration, the first the state has issued for a cyberattack. In mid-August, more than 20 Texas towns were targeted in a large-scale coordinated ransomware attack. The hits just keep on coming.

• NY Times: Hackers Latest Target: School Districts
• NPR: 22 Texas Towns Hit with Ransomware...

DPS News and Updates

Education Law 2-d Part 121 Update

The 45-day public comment period for the proposed Part 121 regulations closed on September 16. The implementation timeline shown below is dependent upon the Board of Regents adopting the updated proposed Part 121 regulations in October. Visit the NYS Education Department’s Student Data Privacy page for the latest updates.

Digital Citizenship Week is October 14-18 this year. Visit Common Sense Media’s Digital Citizenship Week page to learn more. You can also visit the RIC One DPS Digital Citizenship Resource Center to access a variety of digital citizenship resources.

Government Warnings Issued to Take “Immediate Action” to Defend Against Ransomware Attacks

A statement was released by four government technology organizations warning state and local governments (this includes school districts) to take “immediate action” and steps to defend themselves from ransomware attacks. The statement, issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the National Association of State Chief Information Officers, the National Governors Association and the Multi-State Information Sharing and Analysis Center, explains that the growing number of attacks makes “cyber preparedness a priority.” Districts should take necessary steps toward cyber-resilience as advised in this statement.

Cybersecurity Resources

Google Phishing Quiz - See if you would take the bait!

Try out this new Google phishing quiz and see if you can “spot when you’re being phished.” Take your time taking this quiz and don’t get hooked!

No More Ransom Project

The “No More Ransom” initiative is a collaborative effort by law enforcement and IT security companies to combat cybercriminal activity. The goal of the project is to help ransomware victims retrieve encrypted data without paying the ransom. Read this NY Times article titled “They Stole Your Files, You Don’t Have to Pay the Ransom” to learn more.

Helpful Ransomware Tools

Cybersecurity experts, including the FBI, advise against paying the ransom to cyber criminals. Here are some tools that may help to identify the ransomware strain you are dealing with and regain access to your data.

ID Ransomware

This free website “helps victims identify what ransomware may have encrypted their files.” Users can upload a ransom note and/or a sample encrypted file and the site will try to identify the ransomware that locked you out of your data.


Contact your Local RIC for additional information. Click here to find your local RIC contact.

For Subscribers to the Service:

• Digests & Archived Digests
• Digital Debrief
• Inventory Tool
• Information Security Online Professional Development
• Digital Blasts

The theme for 2019 National Cybersecurity Awareness Month (NCSAM) is ‘Own IT. Secure IT. Protect IT.’, encouraging “personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers.” You can find more NCSAM information and resources by visiting https://staysafeonline.org/.
